标签:
NTP服务今天公告了几个高危漏洞,大概信息如下:
描述:包含缓冲区溢出等多个高危或低危漏洞。
危害:可以利用获取服务器权限完全控制服务器,至少可以造成服务器崩溃。
影响范围:只有升级到4.2.8才能解决所有漏洞,我们当前用的是4.2.6
漏洞验证:目前尚未公布可用于验证的攻击模块,为避免风险,建议直接升级。
缓解措施:可以在ntp.conf限制查询时间的来源机器,但是我们是开放给在互联网上的设备的,无法做这样的限制,由于poc未公布,也没有办法通过防火墙堵截,只能暂时关闭NTP服务,建议尽快直接升级。
更多信息和补丁参考以下地址:
http://support.ntp.org/bin/view/Main/SecurityNotice(详细内容贴在下面)
按照升级补丁流程,先在预发布验证功能OK再升级。
另外,由于NTP是个和其它业务无相关性的服务,可做单独完全隔离,降低风险。
When we discover a security vulnerability in NTP we first notify institutional members of the NTP Consortium at Network Time Foundation, then CERT, and finally make a public announcement.
Security related bugs, confirmed or suspected, are to be reported by e-mail to security@ntp.org.
Please refrain from discussing potential security issues in public fora such as the comp.protocols.time.ntp Usenet news-group, our Bug Tracking system, bugs@ntp.org, or any other mailing-list.
The following vulnerabilities have been reported for the Reference Implementation of NTP during the 20+ years that the NTP Project has existed.
config_auth()
auth
key is set in the configuration file, ntpd
would generate a random key on the fly. There were two problems with this: 1) the generated key was 31 bits in size, and 2) it used the (now weak) ntp_random()
function, which was seeded with a 32 bit value and can only provide 32 bits of entropy. This was sufficient back in the late 1990s when this code was written. Not today.restrict ... noquery
in your ntp.conf
file, for non-trusted senders.ntp-keygen
to generate symmetric keysntp-keygen
used a weak seed to prepare a random number generator that was of good quality back in the late 1990s. The random numbers produced was then used to generate symmetric keys. In ntp-4.2.8 we use a current-technology cryptographic random number generator, either RAND_bytes
from OpenSSL, or arc4random()
.restrict ... noquery
in your ntp.conf
file, for non-trusted senders.crypto_recv()
ntp.conf
file contains a crypto pw ...
directive) a remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process.crypto
keyword in your ntp.conf
file.restrict ... noquery
in your ntp.conf
file, for non-trusted senders.ctl_putdata()
restrict ... noquery
in your ntp.conf
file, for non-trusted senders.configure()
restrict ... noquery
in your ntp.conf
file, for non-trusted senders.receive()
: missing return on errorntp_proto.c:receive()
is missing a return;
in the code path where an error was detected, which meant processing did not stop when a specific rare error occurred. We haven‘t found a way for this bug to affect system integrity. If there is no way to affect system integrity the base CVSS score for this bug is 0. If there is one avenue through which system integrity can be partially affected, the base score becomes a 5. If system integrity can be partially affected via all three integrity metrics, the CVSS base score become 7.5.crypto
keyword in your ntp.conf
file.标签:
原文地址:http://www.cnblogs.com/fishou/p/4178108.html